
Critical Nexx Vulnerability Allows Hackers to Remotely Open Garage Doors

John Greenwood Posted On April 5, 2023

A security researcher recently disclosed several vulnerabilities in Nexx smart devices that could allow an attacker to control garage doors, disable home alarms, and access sensitive information.

The five security issues range in severity from medium to critical, and the vendor has yet to acknowledge and fix them. The most significant vulnerability discovered is the use of hardcoded universal credentials in the firmware, which can also be easily obtained from the client's communication with Nexx’s API.

Overview of Nexx vulnerabilities

Independent researcher Sam Sabetan published a writeup detailing the security flaws in Nexx smart devices, affecting the Nexx Garage Door Controllers NXG-100B and NXG-200, the Nexx Smart Plug NXPG-100W, and the Nexx Smart Alarm NXAL-100.

Sabetan discovered five vulnerabilities, including the use of hardcoded credentials, improper access control on API requests, improper input validation, and improper authentication control.

Universal credentials used in firmware pose a severe security risk

The most severe of the five vulnerabilities is CVE-2023-1748, caused by Nexx Cloud setting a universal password for all newly registered devices.

This password is exposed in both the API data exchange and the firmware shipped with the device, making it easy for attackers to obtain it and send commands to the devices via the MQTT server.

The vulnerability allows an attacker to control any customer’s devices remotely, including garage doors, alarms, and smart plugs.

Nexx’s lack of response to vulnerability reports

Despite multiple attempts to report the vulnerabilities to Nexx, the vendor has yet to acknowledge or fix the issues. Sabetan stated that Nexx has not responded to any correspondence from himself, DHS (CISA and US-CERT), or VICE Media Group.


How to mitigate the Nexx vulnerability

If you own a Nexx smart device and are concerned about the potential security risks, there are several steps you can take to mitigate the issue.

  1. Disable internet connectivity: Until Nexx releases a patch to fix the vulnerabilities, you should consider disabling internet connectivity for your Nexx devices. This will help prevent attackers from accessing your devices and exploiting the vulnerabilities.
  2. Place your devices behind firewalls: If you must keep your Nexx devices connected to the internet, consider placing them behind firewalls. This can help block unauthorized access attempts and prevent attackers from exploiting the vulnerabilities.
  3. Isolate your devices from mission-critical networks: If you use Nexx devices to control critical systems or equipment, consider isolating them from your mission-critical networks. This can help reduce the risk of attackers gaining access to your most important systems.
  4. Use a VPN to access your devices remotely: If you need to access your Nexx devices remotely, consider using a VPN. A VPN can encrypt your data transmissions, making it harder for attackers to intercept or exploit them.
  5. Keep your devices updated: Once Nexx releases a patch to fix the vulnerabilities, make sure to update your devices as soon as possible. This can help ensure that your devices are protected against the latest threats and vulnerabilities.
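
To check that steps 1 to 3 are actually in effect, you can audit your firewall's flow log for traffic that still leaves the IoT segment. The script below is an added example, not part of the researcher's writeup or any Nexx tooling; the network ranges, the key=value log format and the sample lines are constructed, and the MQTT ports are the standard registered ones because the article does not name the port the devices use.

```python
import ipaddress

# Constructed network layout and log format (hypothetical, not from the article).
IOT_SEGMENT = ipaddress.ip_network("192.168.50.0/24")     # smart devices
TRUSTED_SEGMENT = ipaddress.ip_network("192.168.1.0/24")  # PCs, NAS, work systems
MQTT_PORTS = {1883, 8883}  # standard MQTT ports; assumed, the article names none

SAMPLE_LOG = """\
2023-04-05T10:00:01 src=192.168.50.10 dst=192.168.50.1 dport=53 proto=udp action=allow
2023-04-05T10:00:02 src=192.168.50.10 dst=203.0.113.20 dport=8883 proto=tcp action=allow
2023-04-05T10:00:03 src=192.168.50.11 dst=203.0.113.20 dport=1883 proto=tcp action=drop
2023-04-05T10:00:04 src=192.168.50.11 dst=198.51.100.7 dport=443 proto=tcp action=allow
2023-04-05T10:00:05 src=192.168.50.10 dst=192.168.1.25 dport=445 proto=tcp action=allow
2023-04-05T10:00:06 src=192.168.1.30 dst=203.0.113.20 dport=443 proto=tcp action=allow
"""

def parse_flow(line):
    """Parse 'timestamp key=value ...' into a dict; None if the line is malformed."""
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    try:
        return {"src": ipaddress.ip_address(fields["src"]),
                "dst": ipaddress.ip_address(fields["dst"]),
                "dport": int(fields["dport"]), "action": fields["action"]}
    except (KeyError, ValueError):
        return None

def audit(log_text):
    """Return (src, dst, dport, kind) for every allowed flow that leaves the IoT segment."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["src"] not in IOT_SEGMENT:
            continue  # unparsable line, or traffic from a non-IoT host
        if flow["action"] != "allow" or flow["dst"] in IOT_SEGMENT:
            continue  # blocked by the firewall, or stayed inside the segment
        if flow["dst"] in TRUSTED_SEGMENT:
            kind = "lateral"      # step 3: device can reach important systems
        elif flow["dport"] in MQTT_PORTS:
            kind = "mqtt-egress"  # steps 1-2: device still reaches an MQTT broker
        else:
            kind = "egress"       # steps 1-2: other traffic leaving the segment
        findings.append((str(flow["src"]), str(flow["dst"]), flow["dport"], kind))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

An empty result means the isolation is holding; any `mqtt-egress` or `lateral` row points at a firewall rule that still needs tightening.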

The discovery of vulnerabilities in Nexx smart devices highlights the importance of securing IoT devices. With more and more devices being connected to the internet, it is essential that vendors take security seriously and address any vulnerabilities as quickly as possible.

If you own a Nexx smart device, make sure to take steps to mitigate the risks until a patch is released. And if you are a vendor of IoT devices, remember that security should be a top priority.

By prioritizing security, you can help protect your customers and prevent attackers from exploiting vulnerabilities in your products.

Author

John Greenwood

He has been working in the cybersecurity and infosec market for 12+ years. He is passionate about AI, cybersecurity, information security, blockchain and machine learning. When he is not occupied with cybersecurity, he likes to go on bike rides!

© The Cybersecurity Times 2022. All rights reserved.